ScreenShot
| Created | 2023.08.28 09:45 | Machine | s1_win7_x6401 |
| Filename | oebd595d1a23f36763e746f48750d171a.exe | ||
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 33 detected (AIDetectMalware, Stealerc, malicious, high confidence, score, Kryptik, V6ie, confidence, 100%, TrojanPSW, Attribute, HighConfidence, GenKryptik, GNFL, FileRepMalware, Misc, FalseSign, Iqil, jjfaw, Artemis, moderate, Krypt, Malware@#364bt5hcpxiq6, Leonem, unsafe, CLOUD, Static AI, Suspicious PE, ZexaF, HMY@ay9Zn4ni) | ||
| md5 | 2d4fd05bdccee76bac5231cfa4da5130 | ||
| sha256 | 7083e4774a68e23dd2f9239e5108f6615ff945a0673e7e975ab2ca2d4cb297d3 | ||
| ssdeep | 24576:f9pwADGez1Y0ve8Q7SlDhJD2/m/2Kq+nirnycpw0SrkrO:1p80v/XDhJD2/m/2Kq+ijyccrkr | ||
| imphash | 5fc71b291b4cc66f107eae1b9c82ef58 | ||
| impfuzzy | 24:U2rufCejrOov1lDq1ncLVr+X53Qr9WNOqdQGMZgESI/QL:UcufCCahc5KXlhNOqdQGhXXL | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 33 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks if process is being debugged by a debugger |
Rules (2cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
IPHLPAPI.DLL
0x686170 GetTcpTable
0x686174 SetTcpEntry
KERNEL32.dll
0x68617c DeleteCriticalSection
0x686180 EnterCriticalSection
0x686184 ExitProcess
0x686188 FindClose
0x68618c FindFirstFileA
0x686190 FindNextFileA
0x686194 FreeLibrary
0x686198 GetCommandLineA
0x68619c GetLastError
0x6861a0 GetModuleHandleA
0x6861a4 GetProcAddress
0x6861a8 GetTempPathA
0x6861ac GetTickCount
0x6861b0 InitializeCriticalSection
0x6861b4 LeaveCriticalSection
0x6861b8 LoadLibraryA
0x6861bc SetUnhandledExceptionFilter
0x6861c0 TlsGetValue
0x6861c4 VirtualProtect
0x6861c8 VirtualQuery
msvcrt.dll
0x6861d0 _strdup
0x6861d4 _stricoll
msvcrt.dll
0x6861dc __getmainargs
0x6861e0 __mb_cur_max
0x6861e4 __p__environ
0x6861e8 __p__fmode
0x6861ec __set_app_type
0x6861f0 _cexit
0x6861f4 _errno
0x6861f8 _fpreset
0x6861fc _fullpath
0x686200 _iob
0x686204 _isctype
0x686208 _onexit
0x68620c _pctype
0x686210 _setmode
0x686214 abort
0x686218 atexit
0x68621c calloc
0x686220 free
0x686224 fwrite
0x686228 malloc
0x68622c mbstowcs
0x686230 memcpy
0x686234 realloc
0x686238 setlocale
0x68623c signal
0x686240 strcoll
0x686244 strlen
0x686248 tolower
0x68624c vfprintf
0x686250 wcstombs
USER32.dll
0x686258 CreateWindowExW
0x68625c EnumThreadWindows
0x686260 GetMessageA
EAT(Export Address Table) is none
IPHLPAPI.DLL
0x686170 GetTcpTable
0x686174 SetTcpEntry
KERNEL32.dll
0x68617c DeleteCriticalSection
0x686180 EnterCriticalSection
0x686184 ExitProcess
0x686188 FindClose
0x68618c FindFirstFileA
0x686190 FindNextFileA
0x686194 FreeLibrary
0x686198 GetCommandLineA
0x68619c GetLastError
0x6861a0 GetModuleHandleA
0x6861a4 GetProcAddress
0x6861a8 GetTempPathA
0x6861ac GetTickCount
0x6861b0 InitializeCriticalSection
0x6861b4 LeaveCriticalSection
0x6861b8 LoadLibraryA
0x6861bc SetUnhandledExceptionFilter
0x6861c0 TlsGetValue
0x6861c4 VirtualProtect
0x6861c8 VirtualQuery
msvcrt.dll
0x6861d0 _strdup
0x6861d4 _stricoll
msvcrt.dll
0x6861dc __getmainargs
0x6861e0 __mb_cur_max
0x6861e4 __p__environ
0x6861e8 __p__fmode
0x6861ec __set_app_type
0x6861f0 _cexit
0x6861f4 _errno
0x6861f8 _fpreset
0x6861fc _fullpath
0x686200 _iob
0x686204 _isctype
0x686208 _onexit
0x68620c _pctype
0x686210 _setmode
0x686214 abort
0x686218 atexit
0x68621c calloc
0x686220 free
0x686224 fwrite
0x686228 malloc
0x68622c mbstowcs
0x686230 memcpy
0x686234 realloc
0x686238 setlocale
0x68623c signal
0x686240 strcoll
0x686244 strlen
0x686248 tolower
0x68624c vfprintf
0x686250 wcstombs
USER32.dll
0x686258 CreateWindowExW
0x68625c EnumThreadWindows
0x686260 GetMessageA
EAT(Export Address Table) is none